The CRA is coming: Are you ready?
Here's how the EU's Cyber Resilience Act will reshape the software industry — and how that can accelerate advantages.
Paul Roberts
Director of Content and Editorial at RL. Paul is a reporter, editor and industry analyst with 20 years’ experience covering the cybersecurity space. He is the founder and editor in chief at The Security Ledger, a cybersecurity news website. His writing about cyber security has appeared in publications including Forbes, The Christian Science Monitor, MIT Technology Review, The Economist Intelligence Unit, CIO Magazine, ZDNet and Fortune Small Business. He has appeared on NPR’s Marketplace Tech Report, KPCC AirTalk, Fox News Tech Take, Al Jazeera and The Oprah Show.
Posts from Paul Roberts
The CRA is coming: Are you ready?
Axios: How AppSec teams should respond
Here's a mitigations checklist and best practices. Plus: How RL’s xBOM and Spectra Assure Community can help.
How JPMC tackles software ‘trust debt’
JPMorgan Chase CISO Patrick Opet discussed his letter on third-party software risk — and how that has played out.
The TeamPCP supply chain attack evolves
The malicious campaign started with Trivy and Checkmarx and has shifted to LiteLLM — and now telnix. Here's how.
Notepad++ hack: Supply chain threats evolve
A compromise of the source code editor underscores attack method diversification. It's time to go beyond trust.
AI vulnerability reporting fails maintainers
Google and others are inundating developers with AI-driven reporting. Are AI-enabled fixes the answer?
FAQ: The Shai-hulud npm worm attack explained
Here's what you need to know about the discovery of the first self-replicating npm worm, which compromised packages with cloud token-stealing malware.
Crypto wallets hit in widespread npm, GitHub hack
A phishing campaign against maintainers resulted in malware distribution via Javascript in top open-source packages.
AI coding tools revive old-school hacks
Researchers at Black Hat discussed how these tools can leave development teams vulnerable to hacks like remote-code execution.